UK-based GateHub releases final investigation update; fails to address compensatory concerns
June saw major security breaches on two XRP trading platforms. While Bitrue’s final official statement stated that 100% of the stolen funds would be recovered, the same cannot be same for GateHub. GateHub’s hack accounted for 18,473 compromised accounts, of which 5,045 XRP Ledger wallets had active balances.
In the initial statement, the UK-based service provider had stated that the criminal hacker had “well-orchestrated” the attack and “gained unauthorized access to a database holding valid access tokens of our customers.”
GateHub, after reviewing the activity for over a month, revealed that users’ email addresses, hashed passwords, hashed recovery keys, encrypted XRP ledger wallet secret keys [non-deleted wallets only], first names [if provided], and last names [if provided] were targeted. The final statement released by the GateHub team on July 19 further stated,
“As a precaution, we are generating new encryption keys and re-encrypting all sensitive information such as XRP ledger wallets secret keys on all accounts upon next sign-in. Behind the scenes, we are taking other precautions as well.”
The company, which once said “100% backed and secure” on its official website, has now taken it down, with Gatehub yet to retrieve and compensate the stolen funds. The perpetrators could not be traced, at the time of writing. However, the recently published update also said that GateHub was working closely with law enforcement agencies from different jurisdictions to identify the criminals.
GateHub is a gateway for trading on XRP ledger’s decentralized exchange [DEX], lacks a private ledger and stores the wallet details of its users, but not their funds, as opposed to traditional cryptocurrency exchanges, which have private ledgers and tracks their users’ funds.
The perpetrators in this case could access the private keys of users’ wallets and make withdrawals from their on-ledger XRP accounts. Hence, on a platform such as this one, users’ are held for the custody of their own funds.
Source: Read Full Article